<!DOCTYPE html>
<html lang="zh-CN">
<head>
  <meta charset="UTF-8">

  <meta name="description" content="搭建 ADFS 之后,默认已经开启了 Oauth2.0. 注意添加或者使用已有的 信赖方信任 , 增加一个自己的标识符 参考 https:&#x2F;&#x2F;blog.scottlogic.com&#x2F;2015&#x2F;03&#x2F;09&#x2F;OAUTH2-Authentication-with-ADFS-3.0.html http:&#x2F;&#x2F;www.gi-architects.co.uk&#x2F;2016&#x2F;04&#x2F;setup-oauth2-on-ad">

  <title>ADFS 3.0 + Oauth2.0 | 去找Todd</title>
  







</head>

<body itemscope itemtype="http://schema.org/WebPage">
  <div class="container use-motion">


    <main class="main">
      <div class="main-inner">
        <div class="content-wrap">
          

          <div class="content post posts-expand">
            

    
  
  
  <article itemscope itemtype="http://schema.org/Article" class="post-block" lang="zh-CN">
    <link itemprop="mainEntityOfPage" href="https://ghostlitao.gitee.io/2019/06/25/ADFS-3-0-Oauth2-0/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="image" content="https://mp-b6a394ba-6e60-4cdf-941a-67c55476595e.cdn.bspapp.com/cloudstorage/43eb35ef-1aed-4d61-9ebb-a777fa49e70a.">
      <meta itemprop="name" content="Todd">
      <meta itemprop="description" content="把生命浪费在美好的实物上">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="去找Todd">
    </span>
      <header class="post-header">
        <h1 class="post-title" itemprop="name headline">
          ADFS 3.0 + Oauth2.0
        </h1>

        <div class="post-meta">
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="far fa-calendar"></i>
              </span>
              <span class="post-meta-item-text">发表于</span>

              <time title="创建时间：2019-06-25 18:38:46" itemprop="dateCreated datePublished" datetime="2019-06-25T18:38:46+08:00">2019-06-25</time>
            </span>

          

        </div>
      </header>

    
    
    
    <div class="post-body" itemprop="articleBody">

      
        <p>搭建好 ADFS 3.0 之后, OAuth 2.0 端点 (<code>/adfs/oauth2/authorize</code> 与 <code>/adfs/oauth2/token</code>) 默认已经启用, 不需要额外打开; 但能否安全地使用, 取决于下面注册的信赖方信任、客户端以及回调地址的配置。</p>
<p>注意要先添加 (或使用已有的) <em>信赖方信任</em> (Relying Party Trust), 并给它配置一个自己的标识符 (Identifier)。这个标识符就是后面 authorize 请求里 <code>resource</code> 参数要传的值, 两边必须一致。</p>
<p>参考 <a target="_blank" rel="noopener" href="https://blog.scottlogic.com/2015/03/09/OAUTH2-Authentication-with-ADFS-3.0.html">https://blog.scottlogic.com/2015/03/09/OAUTH2-Authentication-with-ADFS-3.0.html</a></p>
<p><a target="_blank" rel="noopener" href="http://www.gi-architects.co.uk/2016/04/setup-oauth2-on-adfs-3-0/">http://www.gi-architects.co.uk/2016/04/setup-oauth2-on-adfs-3-0/</a></p>
<p>如果遇到:<br><code>error=invalid_resource&amp;error_description=MSIS9602%3a+The+received+%27resource%27+parameter+is+invalid.+The+authorization+server+can+not+find+a+registered+resource+with+the+specified+identifier.</code><br>说明 <code>resource</code> 对应的信赖方信任 <strong>还没有建立 (未信任)</strong>, 或者 <code>resource</code> 传的标识符与信赖方信任里配置的不一致, 需要逐字符核对。</p>
<p>以下为具体的实验过程:</p>
<ol>
<li><p>用 PowerShell 注册一个 OAuth 客户端: <code>Add-ADFSClient -Name "OAUTH2 Test Client" -ClientId "todd" -RedirectUri "<a target="_blank" rel="noopener" href="http://192.168.0.20:3000/getAToken">http://192.168.0.20:3000/getAToken</a>"</code><br>注意这里注册的回调是明文 HTTP 的内网地址, 只适合做实验: 第 3 步的授权码会直接出现在这个回调 URL 的查询串里, 正式环境应注册 HTTPS 回调。后面 authorize 和 token 请求里的 redirect_uri 都必须与这里注册的值完全一致。</p>
</li>
<li><p>浏览器访问 authorize 端点 (response_type=code, resource 填信赖方信任的标识符, redirect_uri 填注册的回调):<br><a target="_blank" rel="noopener" href="https://win-r9jnunkcelj.rinsys.com/adfs/oauth2/authorize?response_type=code&amp;client_id=todd&amp;resource=urn:relying:party:trust:identifier&amp;redirect_uri=http://192.168.0.20:3000/getAToken">https://win-r9jnunkcelj.rinsys.com/adfs/oauth2/authorize?response_type=code&amp;client_id=todd&amp;resource=urn%3Arelying%3Aparty%3Atrust%3Aidentifier&amp;redirect_uri=http%3A%2F%2F192.168.0.20%3A3000%2FgetAToken</a><br>-&gt;<br><a target="_blank" rel="noopener" href="https://win-r9jnunkcelj.rinsys.com/adfs/oauth2/authorize?response_type=code&amp;client_id=todd&amp;resource=urn:relying:party:trust:identifier&amp;redirect_uri=http://192.168.0.20:3000/getAToken">https://win-r9jnunkcelj.rinsys.com/adfs/oauth2/authorize?response_type=code&amp;client_id=todd&amp;resource=urn:relying:party:trust:identifier&amp;redirect_uri=http://192.168.0.20:3000/getAToken</a><br>(上一条是 URL 编码后的写法, 下一条是未编码的原文, 指向同一个请求。) 注意这个实验请求没有带 <code>state</code> 参数: 真正的客户端应每次生成一个随机、不可猜测的 state 带上, 并在回调时校验它与当前会话匹配, 否则攻击者可以把自己的授权码注入受害者的回调 (授权码 / 登录 CSRF)。</p>
</li>
<li><p>登录后 ADFS 跳转回注册的回调, 授权码在 <code>code</code> 参数里:<br><a target="_blank" rel="noopener" href="http://192.168.0.20:3000/getAToken?code=e2mLrbaVpE2FWqoMNi22mA.8HELk0v51ggBAJG8n-ZHcAqXb_g.ZkFq_HFfJaGRVlahEtt4UObe790oNKRkLs3j4vDpOWCOZO3X3Pk4nSiuPmbVCcUaCxbuB8g6FvEP-6c6NpUBleJ0ONsSL3qoNuaY1WtWZI2jXvvpB3NEIyQa6YB8TD3qfojLmjWiqqrcHp6KpDj2FOiCM1dZ3TUee5JNJkT9h9LqjuVdDOQiGvoU8XNTkPodxB2V9pLWO3jNzjXrafO38A1eEj2ZsvxvYOU1Fa_ufQnsE49deV2pAln7NpPOMxDt-DKOguT9USLaryQz9Unfo5iQJzCD66TqLYNSctLdw7_L8P3DcjFnKAKXK4vq5a75FunE664FqftEs5FLYzfTDg">http://192.168.0.20:3000/getAToken?code=e2mLrbaVpE2FWqoMNi22mA.8HELk0v51ggBAJG8n-ZHcAqXb_g.ZkFq_HFfJaGRVlahEtt4UObe790oNKRkLs3j4vDpOWCOZO3X3Pk4nSiuPmbVCcUaCxbuB8g6FvEP-6c6NpUBleJ0ONsSL3qoNuaY1WtWZI2jXvvpB3NEIyQa6YB8TD3qfojLmjWiqqrcHp6KpDj2FOiCM1dZ3TUee5JNJkT9h9LqjuVdDOQiGvoU8XNTkPodxB2V9pLWO3jNzjXrafO38A1eEj2ZsvxvYOU1Fa_ufQnsE49deV2pAln7NpPOMxDt-DKOguT9USLaryQz9Unfo5iQJzCD66TqLYNSctLdw7_L8P3DcjFnKAKXK4vq5a75FunE664FqftEs5FLYzfTDg</a><br>按 OAuth 2.0 规范, 授权码应当是一次性且很快过期的; 但它是随明文 HTTP 回调的查询串传回来的, 会留在浏览器历史、代理和服务器访问日志里, 这也是正式环境回调必须使用 HTTPS 的原因之一。</p>
</li>
<li><p>向 token 端点发送 (下面是请求模板, 占位值要换成实际值):<br>POST /adfs/oauth2/token HTTP/1.1<br>Content-Type: application/x-www-form-urlencoded<br>Host: your.adfs.server<br>Content-Length: &lt;some number&gt;</p>
</li>
</ol>
<p><code>grant_type=authorization_code&amp;client_id=some-uid-or-other&amp;redirect_uri=http%3A%2F%2Flocalhost%3A3000%2FgetAToken&amp;code=thecode</code><br>这是请求体模板 (占位值): <code>client_id</code> 要换成上面注册的 todd, <code>code</code> 换成第 3 步拿到的授权码, <code>redirect_uri</code> 必须与注册时及 authorize 请求里用的完全一致 (本实验是 http://192.168.0.20:3000/getAToken, 而不是模板里的 localhost)。另外这个请求没有任何 client_secret, 也就是说谁拿到授权码和正确的 redirect_uri 就能换到 token, 所以前面回调地址和 state 的保护更重要。</p>
<p>遇到错误:<br>{<br>    "error": "invalid_request",<br>    "error_description": "MSIS9609: The 'redirect_uri' parameter is invalid. No redirect uri with the specified value is registered for the received 'client_id'. "<br>}<br>排查下来竟然是因为对 redirect_uri 做了 URL encode。实测 ADFS 3.0 的 token 端点是拿 POST 表单里 redirect_uri 的原文去和注册值比对的, 所以这个参数要不编码地传入, 并且必须与注册值逐字符一致, 否则就会报这个 MSIS9609。</p>
<p>5.获取 Token:<br>{<br>    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IjBzTVZIOXlVdFlyaFhCd0hOcTdRejZrRm5XZyJ9.…(JWT payload 已省略)….R7YOyp986M6sYPrjyCI5JAVEZ0XTat9i89Hi8PeV4xQbe5NLrjO6CqpN2v_C_sCj5PgGyBMkAHKX4Bgyf3s4eisilrsU7t08td2nYU05rzHL8IHF_Emv0B2s0OsbY5kkACI8iYAW0rQ7ZpfUitWgygTR-GtvBnZfAfn65OpEX87Gt_x6hXL88Oacia9Le1tBFX3MiK3ShrsIv4LrSaFw5HxfN_yfieZqxndmuXOL3tcna1jyamUdmMa4WcfdNwSRlxwVlUZvbGYxSHXgSwfUvak_zkekAEFI5QtNup85ZBp1JPehlXePOBLJ_ZGErIbt-5lmHT6uX2H--qKGEFbYeg",<br>    "token_type": "bearer",<br>    "expires_in": 3600,<br>    "refresh_token": "_bhAioyNOFP-uPNqFdMUf3SW4RIyMaRcW1uFsnTohr4AAQAAKHBS9_LiM8OMqOH7mNv6JT_D1fm3LilU-bJGPi-6uHvW-mSkDHqgqy2JhdAocmsNZ08Duzcf6PV5pO9Z-CX-4EvuYTC7silc043QLXl1MOOxhw2V5sC6hrjO5BsUWXLRoGKerWrCAaW1TwS1bb9G1XtTgGigX2UjvcN8Z0u9_RV-"<br>}<br>说明: access_token 是一个 JWT, 解码其 header 可见 <code>"alg":"RS256"</code> 以及指向签名证书的 <code>x5t</code>, 资源服务器拿到后必须校验签名、签发者、受众 (即前面的 resource 标识符) 和过期时间, 不能只看 token 存在与否; <code>expires_in: 3600</code> 表示 access_token 1 小时有效, refresh_token 可以在不重新登录的情况下换取新的 access_token, 有效期通常长得多。注意: access_token 和 refresh_token 都是凭据, 不应原样贴进公开笔记; 已经贴出的应视为泄露, 对应的客户端 / 信赖方应作废或轮换。</p>

    </div>

    
    
    

      <footer class="post-footer">
          <div class="post-tags">
              <a href="/tags/%E7%94%A8%E4%B8%8D%E6%98%8E%E7%99%BD%E7%9A%84Windows/" rel="tag"># 用不明白的Windows</a>
          </div>

        


        
      </footer>
    
  </article>
  
  
  



          </div>
          


        </div>
          
  


      </div>
    </main>

  </div>

  




  















  

  

</body>
</html>
